Thursday 9 April 2009

Internet Explorer 8 (IE8) crashes on intranet web-sites (Outlook too)

I've recently installed Internet Explorer 8 on both my home and work PC, and find it to be much better than IE7 in the main. However, I do find that IE8 crashes whenever it tries to load a web-site on our work internal network (some of these sites are Sharepoint sites, some are blogs, and some are web-services).
I found a couple of forums where people are reporting similar issues that kind-of hint at the problem being to do with security zones. When I asked the error message for more info, it did say that the fault comes from Urlmon.dll.
I also found that Outlook 2003 crashes when trying to display an email that contains one of the URLs! It's not trying to load anything from a website (as far as I know), just display a link inside an email. I suspect that there's a problem with it trying to figure out whether the URL is "trusted" or not.

Anyway, I realised that some URLs on a particular sub-domain seemed to be causing the problem, but not all. Contrary to the advice in the link above, I found that the URLs that were crashing were the ones that were not included in a trusted zone. URLs that I had set to be within the local intranet loaded fine. So, I experimented and found that any URL I add to the Local intranet zone no longer crashes IE8 - nor Outlook!
My theory is that some code inside the Urlmon DLL (possibly in CheckMappings, if it's the same as the link above) attempts to verify the URL, but bugs out when it tries to use the current Windows Credentials (since the issue does not appear for external sites). This is something that Microsoft should ideally fix, and I expect we'll see a hotfix for it in due course.

The Workaround Fix
Be very careful here - you should not add sites to the Local intranet zone unless you are sure they are within your company intranet. These sites get an elevated level of trust and you would be exposing yourself to security risks if you accidentally whitelisted an external site.

  • In IE8, go to Tools -> Internet Options -> Security tab.
  • Select Local intranet
  • Click Sites
  • Click Advanced
  • Add the offending URL (e.g. http://something.internal.sub.domain.net/ ) - or whole domains (e.g. *://*.internal.sub.domain.net - as per Microsoft's instructions)
  • Click Close, OK, OK.
  • Restart Outlook (IE should be fine)
If you are on a company network, I imagine this can be rolled out by applying policies.

I hope this helps someone!

[Please note: I have turned off comments on this post because I keep getting link spam]